6 Things You Didn’t Know About Cloud and Data Center Security

Sep 15, 2015 Blog Article

With so much data stored in data centers and cloud storage environments, how do we know our information is secure? Here are some insights that most organizations may not be aware of when it comes to cloud and data center security.

Vivian Cullipher

Vivian is a career writer and editor, having covered technology-related topics for government and B2B organizations since before LinkedIn and the iPhone. As Blancco’s head of content, she oversees the development of thought-leadership-based copy for web, social media, and other Blancco communication channels.

Cloud Usage is Growing—And Fast!

We live in a society where people demand the ability to access content from wherever they are and from any of a multitude of connected devices. Whether we’re remotely editing a report while away on business or downloading photos from our latest vacation, cloud service providers and data centers make it possible. And with cloud solutions available to anyone and the internet of things growing rapidly, usage shows no sign of slowing down. In fact, Cisco projects that annual global cloud IP traffic will reach 14.1 ZB (1.2 ZB per month) by the end of 2020, up from 3.9 ZB per year (321 EB per month) in 2015.

Types of Cloud Services

Companies tend to keep track of things such as finances using a private cloud hosted in their own private data center. This sits behind a firewall to keep sensitive company data protected.

Public cloud environments, such as CRM services and Infrastructure as a Service (IaaS), on the other hand, are publicly accessible; anyone can sign up for an account, log in and store data.

Organizations can leverage the best of both worlds by maintaining some services and data in-house, while using public cloud services for everything else. There are touch points where services speak to each other and data is shared or divided between public and private. This, in a nutshell, is a hybrid cloud environment.

#1: It doesn’t take much for a hacker to break through a firewall.

Think of a firewall like an egg; the shell acts as a protection layer, but as soon as the shell is cracked, you’re in. Unfortunately, hackers are finding more sophisticated ways of breaking through firewalls to gain access to information behind the protection layer. It’s all well and good to have a firewall, but if other areas of security are slacking, this weakens it and leaves companies vulnerable to attack. But what if my data is encrypted? Surely it’s safe, right? To an extent, yes. Encryption adds an extra layer of defense for attackers to negotiate. The thing to remember is to keep an eye on which individuals are granted access to encryption keys, because insider security breaches happen a lot more often than we think.

#2: ‘Travel-proof’ your data.

Huge amounts of data are sent from one data center to another, every second of every day. Say you’re sending data from your organization’s private data center to a public cloud. You have to be careful that data that has been under data-at-rest encryption remains encrypted while it’s transferred to the external party. Encrypting data at each point is great, but what about when the data is most vulnerable, during transfer? Cyber criminals can pose as one of the session endpoints, meaning that unprotected data is intercepted in transit. To protect data from being intercepted, organizations must use strong traffic encryption, SSL and VPN solutions. The data is encrypted before it leaves its origin and once the end user has received it, they’re given a specific encryption key that allows them to unlock it.

#3: Insecure APIs are a major threat.

Insecure APIs pose a big threat to data security. Application Programming Interfaces (APIs) are simply a way to receive information and pass it on to trusted partners. Unknowingly, the majority of us are using APIs on a daily basis, for example, using our Facebook ID to sign into multiple applications – this relies on an API. In one sense, APIs are very convenient and great time savers. On the downside, however, the fact that they’re publicly available allows hackers to easily write their own APIs which, in turn, fool our system or verification, making us vulnerable to data theft. The only real way we can try to protect ourselves is to be aware of where we are submitting information and to use strong passwords and encrypt data during transmission, whenever possible.

#4: Erasing the cloud doesn’t erase physical servers.

Every virtual layer sits on top of a physical server or storage environment. So it’s not just virtual security we need to worry about, but also the security of physical servers hosting these environments. What happens when one of these physical servers is decommissioned? Sure, we can just unplug it and throw it away, but we’re throwing the data away with it.

The same can be applied to virtualized environments, where virtual machines and storage are all being hosted on the same physical storage. One user could self-provision a virtual drive that is 10 TB in size. Their project comes to an end and they delete it from the cloud environment. This space will then be freed up for another user, who has access to the same resource pool. The issue here is that if the second user ran a recovery on that same data storage space, they may be able to recover the previous user’s data.

What I’m trying to say here is that you may think your data is deleted from the cloud, but you’re actually just removing the pointers to that data. Make sure when you’re removing data from the cloud that you have proof that both the virtual layer at the end-of-life of the data and physical drives at end-of-life of the hardware have been securely erased too.
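The difference between deleting pointers and erasing data, as an added example that is not part of the original article or any vendor's product: a toy Python model of a shared storage pool. The `SharedPool` class, the block size, the sample data and the zero-overwrite used for erasure are all assumptions made for illustration.

```python
import hashlib

BLOCK = 16  # bytes per block in this toy pool (constructed value)

class SharedPool:
    """Toy model of one physical storage pool shared by several tenants."""

    def __init__(self, blocks):
        self.disk = bytearray(blocks * BLOCK)  # the physical layer
        self.free = list(range(blocks))        # unallocated block numbers
        self.volumes = {}                      # volume name -> block numbers (the "pointers")

    def provision(self, name, nblocks):
        self.volumes[name] = [self.free.pop(0) for _ in range(nblocks)]

    def write(self, name, data):
        for i, blk in enumerate(self.volumes[name]):
            chunk = data[i * BLOCK:(i + 1) * BLOCK].ljust(BLOCK, b"\0")
            self.disk[blk * BLOCK:(blk + 1) * BLOCK] = chunk

    def read(self, name):
        return b"".join(bytes(self.disk[b * BLOCK:(b + 1) * BLOCK])
                        for b in self.volumes[name])

    def delete(self, name):
        """Plain delete: drops the pointers, leaves the bytes on disk."""
        self.free = self.volumes.pop(name) + self.free

    def erase_and_delete(self, name):
        """Overwrite each block, read back to verify, release, return a report."""
        blocks = self.volumes[name]
        for blk in blocks:
            self.disk[blk * BLOCK:(blk + 1) * BLOCK] = bytes(BLOCK)
        after = self.read(name)
        report = {"volume": name, "blocks": list(blocks),
                  "verified": after == bytes(len(after)),
                  "sha256_after": hashlib.sha256(after).hexdigest()}
        self.delete(name)
        return report

def next_tenant_sees(remove):
    """Tenant A stores data and removes the volume; return what tenant B then reads."""
    pool = SharedPool(blocks=4)
    pool.provision("tenant-a", 2)
    pool.write("tenant-a", b"payroll: alice 91000")  # constructed sample data
    report = remove(pool, "tenant-a")
    pool.provision("tenant-b", 2)  # receives the same physical blocks
    return pool.read("tenant-b"), report
```

Calling `next_tenant_sees(SharedPool.delete)` returns tenant A's bytes to tenant B, while `next_tenant_sees(SharedPool.erase_and_delete)` returns only zeros together with a report recording which blocks were overwritten and verified.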

#5: Erasing devices doesn’t mean you don’t need to erase the cloud.

This next point is the same as the last, but just in reverse. What happens when your phone, tablet or laptop is lost or stolen? Apple, Google, HTC, Huawei, Motorola, Microsoft, Nokia and Samsung have recently signed pledges to say that pre-installed ‘kill switches’ will be on all of their new devices. But when a mobile device is lost or stolen and doesn’t have the kill switch activated, there’s a risk that it can fall into the wrong hands and be used to access data stored in the cloud.

Remember the infamous scandal in 2014 when the iCloud accounts of dozens of celebrities were hacked? For actresses like Jennifer Lawrence and Kate Upton, it was tough to escape the embarrassment and frustration of leaked nude photos. But for the world at large, one where the benefits of speed, convenience and control make us jump at using the cloud, this incident should also serve as a rude wake-up call about cloud security. Always be acutely aware of what’s in the cloud. Whether it’s that document you shared on Dropbox, that email you sent to a coworker from your iPhone 6 or that photo you texted to a friend, it could be at risk: you may be inadvertently sending sensitive data to insecure servers. Next, be sure to securely erase the data from your own devices and to request the secure erasure of your data from your cloud provider, with a report as proof.

#6: Using multi-layered password controls could be a life saver.

Finally, the most obvious and simple step of all is setting up strong passwords. But how many people use things like dates of birth or other easy-to-discover passwords? More than you think. We’re all guilty of it, using that one, easy-to-remember password that just barely meets the ‘acceptable’ password criteria containing one capital letter and a number. But, this just isn’t good enough.

In 2014 Russian cyber criminals hacked 1.2 billion user names and passwords, claiming that the information came from more than 420,000 websites. So how can we crack down on password hacking? Banks have got it right when it comes to secure internet banking. Using multi-layered password controls, whereby the user has to enter a username, password and then a verification number to verify the particular session, is a simple, yet effective, way of protecting data in cloud and data center environments, and one that other organizations should follow. Other methods include tools like Microsoft’s Azure Active Directory, which can be used to alert users to stolen credentials or simultaneous logins to managed devices from different locations. So remember, if your password is easy to remember, chances are it’s easy to hack.
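One way to implement the per-session verification number described above, as an added example that is not from the original article: the article names no scheme, so this sketch assumes time-based one-time passwords (TOTP, RFC 6238). The `SessionVerifier` class and its one-step drift window are illustrative choices.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1: the verification number for time `at`."""
    counter = struct.pack(">Q", at // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class SessionVerifier:
    """Second check after username and password: verifies the one-time number."""

    def __init__(self, secret: bytes, step: int = 30):
        self.secret, self.step = secret, step
        self.last_used = -1  # highest time step already accepted

    def verify(self, submitted: str, now: int) -> bool:
        current = now // self.step
        for c in (current - 1, current, current + 1):  # allow one step of clock drift
            if c <= self.last_used:
                continue  # a number from this step was already used: reject replays
            expected = totp(self.secret, c * self.step, self.step)
            # constant-time comparison so timing does not reveal matching digits
            if hmac.compare_digest(expected.encode(), submitted.encode()):
                self.last_used = c
                return True
        return False
```

Because each accepted time step is remembered, a password and verification number captured together cannot be replayed to open a second session.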

Cloud and Data Security Next Steps

To help overcome cloud and data center security vulnerabilities, consider a free trial for your data center to see how our erasure solutions can benefit your environment.

2021 update: Blancco has added Blancco Drive Eraser to the AWS Marketplace for cloud migration. Contact us to learn more.